From 47aab96dfaae2d7b78772ad05008376dab333bd2 Mon Sep 17 00:00:00 2001
From: Jan
Date: Tue, 18 Nov 2025 17:43:10 +0100
Subject: [PATCH] added right-management to the rights of the first user.

---
 .../de/avatic/lcc/config/LccOidcUser.java | 21 ++++++++++++++++---
 .../de/avatic/lcc/config/SecurityConfig.java | 12 ++++++-----
 2 files changed, 25 insertions(+), 8 deletions(-)

diff --git a/src/main/java/de/avatic/lcc/config/LccOidcUser.java b/src/main/java/de/avatic/lcc/config/LccOidcUser.java
index c27de44..444253a 100644
--- a/src/main/java/de/avatic/lcc/config/LccOidcUser.java
+++ b/src/main/java/de/avatic/lcc/config/LccOidcUser.java
@@ -7,6 +7,7 @@
 import org.springframework.security.oauth2.core.oidc.OidcIdToken;
 import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
 import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
+import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
@@ -26,13 +27,27 @@ public class LccOidcUser extends DefaultOidcUser {
     public static User createDatabaseUser(String email, String firstName, String lastName, String workdayId, boolean isFirstUser) {
         User user = new User();
-        Group group = new Group();
-        group.setName(isFirstUser ? "service" : "none");
+        var groups = new ArrayList();
+
+        if(isFirstUser) {
+            var g = new Group();
+            g.setName("service");
+            groups.add(g);
+
+            g = new Group();
+            g.setName("right-management");
+            groups.add(g);
+        } else {
+            var g = new Group();
+            g.setName("none");
+            groups.add(g);
+        }
+
         user.setEmail(email);
         user.setFirstName(firstName == null ? "" : firstName);
         user.setLastName(lastName == null ? "" : lastName);
-        user.setGroups(List.of(group));
+        user.setGroups(groups);
         user.setWorkdayId(workdayId == null ? "" : workdayId);
         user.setActive(false);
diff --git a/src/main/java/de/avatic/lcc/config/SecurityConfig.java b/src/main/java/de/avatic/lcc/config/SecurityConfig.java
index 4bcc3d2..be0b2fe 100644
--- a/src/main/java/de/avatic/lcc/config/SecurityConfig.java
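Review bot: `var groups = new ArrayList();` creates a raw-typed list, so `user.setGroups(groups)` only compiles with an unchecked-conversion warning and the list loses the element type the old `List.of(group)` carried; use `List<Group> groups = new ArrayList<>();` (the `java.util.List` import is still in place). The group names `"service"`, `"right-management"` and `"none"` are bare literals that SecurityConfig turns into authorities with `"ROLE_" + group.getName().toUpperCase()`, so `"right-management"` becomes `ROLE_RIGHT-MANAGEMENT`; declaring the names as `static final` constants on one class keeps the group name and whatever later checks that authority from drifting apart, and that upper-casing should pass `Locale.ROOT` so the mapping does not depend on the server's default locale. createDatabaseUser now makes the application's bootstrap trust decision and has no Javadoc; a doc comment should state that the first user is placed in both `service` and `right-management` while every later user lands in `none`, and that the caller decides who is "first", so `isFirstUser` must be true for exactly one account. The method's body continues past the end of the hunk.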
+++ b/src/main/java/de/avatic/lcc/config/SecurityConfig.java
@@ -292,21 +292,23 @@ public class SecurityConfig {
         }
         if (user != null) {
-            user.getGroups().forEach(g -> log.debug("Local group: {}", g.getName()));
-            user.getGroups().forEach(group -> mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_" + group.getName().toUpperCase())));
             userId = user.getId();
         } else {
             if (email != null && firstName != null && lastName != null && (ignoreWorkdayClaim || workdayId != null)) {
                 var isFirstUser = userRepository.count() == 0;
-                userId = userRepository.update(LccOidcUser.createDatabaseUser(email, firstName, lastName, ignoreWorkdayClaim ? generateRandomWorkdayId() : workdayId, isFirstUser));
-                mappedAuthorities.add(new SimpleGrantedAuthority(isFirstUser ? "ROLE_SERVICE" : "ROLE_NONE"));
+                user = LccOidcUser.createDatabaseUser(email, firstName, lastName, ignoreWorkdayClaim ? generateRandomWorkdayId() : workdayId, isFirstUser);
+                userId = userRepository.update(user);
+
             } else {
                 log.debug("Unable to create user {} / {}", email, workdayId);
                 mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_NONE"));
             }
         }
-
+        if (user != null) {
+            user.getGroups().forEach(g -> log.debug("Local group: {}", g.getName()));
+            user.getGroups().forEach(group -> mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_" + group.getName().toUpperCase())));
+        }
         return new LccOidcUser(
             mappedAuthorities,